Sklyarov was thrown into jail for failing to police and censor his own software development decisions. As has been widely reported, Sklyarov was jailed in mid-July for having developed software that could make it easier for users of Adobe's eBook Reader to disable security features that restricted how eBook content could be accessed. Although the application apparently violated no Russian law, it did, according to the Justice Department, run afoul of the Digital Millennium Copyright Act, or DMCA, which bans technologies that could be used to get around software used to protect digital copyrighted material. Sklyarov was recently released on bail, and the case is still pending.
The same week Sklyarov was jailed, the state of South Carolina added IT workers to the list of professionals required to report to legal authorities if, in the course of attending to a piece of technology, they see-say on a PC hard drive-that the user has collected child pornography or other evidence of child abuse or neglect. There are penalties for IT workers who fail to report such evidence to authorities but, reportedly, few if any guidelines on specifically what constitutes reportable evidence.
The urge to enlist IT workers and software developers in the battle against what seem like new threats enabled by the Web is, I supposed, not surprising. To many legislators and government lawyers, the workings of the Web seem complex. Who better to spot bad guys and prevent harmful technologies from seeing the light of day than the tech experts themselves?
But a closer look suggests that turning IT types into digital cops makes no sense. Take the Sklyarov case, for example. Asking legitimate, commercial developers like Sklyarov not to develop software that could be used to skirt technology used to protect copyrighted material could, in the end, do more to harm the security of products like eBook than to protect it. If Sklyarov can develop and distribute software that can bypass the eBook protections, you can be sure underground hackers can and will do much worse. The smart thing would be to use what developers like Sklyarov have written to learn how to improve security software rather than asking him and other above-ground developers to police and censor themselves.
The logic behind enlisting IT tech support workers in the war against digitally distributed child pornography is similarly flawed. In the vast majority of instances, tech support workers would have no reason to look at the type of content contained in Web history files on a user's PC. Asking them to do so would be like asking automobile mechanics to examine the contents of customers' vehicles in search of illegal drugs or guns. Bad guys are known to transport bad stuff in the trunks of their cars, right? So, while mechanics are under the hood, why not ask them to take a peek into the trunk? While we're at it, why don't we ask dry cleaners to report if they uncover lipstick-smeared shirts that show a husband has been unfaithful to his spouse? The whole thing smacks a bit too much of Cultural Revolution-style invasion of privacy.
Don't get me wrong. I think destructive hackers must be stopped. Same for people who exploit children. I'm just saying that enlisting software developers and IT workers as the front-line troops in those battles, in the end, makes no sense. What makes more sense is to use existing laws to go after these people. We have existing copyright laws that, unlike the DMCA, actually target copyright-infringing behaviors, not the tools that enable them. Likewise, we have anti-child pornography laws that permit hard disk searches upon the presentation of probable cause. Why not use them?
What do you think? Should IT professionals be enlisted as info cops? Let me know in the TalkBack below.